high_confidence
C0027
[C0027](https://attack.mitre.org/campaigns/C0027) was a financially-motivated campaign linked to [Scattered Spider](https://attack.mitre.org/groups/G1015) that targeted telecommunications and business process outsourcing (BPO) companies from at least June through December of 2022. During [C0027](https://attack.mitre.org/campaigns/C0027) [Scattered Spider](https://attack.mitre.org/groups/G1015) used various forms of social engineering, performed SIM swapping, and attempted to leverage access from victim environments to mobile carrier networks.(Citation: Crowdstrike TELCO BPO Campaign December 2022)
Start date
1 June 2022
End date
1 December 2022
Techniques
28
Attributed actors
Techniques (28)
collection2
T1530Data from Cloud Storage
T1213.002Sharepoint
command-and-control5
T1572Protocol Tunneling
T1102Web Service
T1090Proxy
T1219.002Remote Desktop Software
T1105Ingress Tool Transfer
credential-access2
T1621Multi-Factor Authentication Request Generation
T1003.006DCSync
defense-impairment1
T1578.002Create Cloud Instance
discovery4
T1069.003Cloud Groups
T1046Network Service Discovery
T1087.003Email Account
T1087.004Cloud Account
execution1
T1047Windows Management Instrumentation
initial-access4
T1133External Remote Services
T1078.004Cloud Accounts
T1190Exploit Public-Facing Application
T1566.004Spearphishing Voice
lateral-movement1
T1021.007Cloud Services
persistence5
T1098.001Additional Cloud Credentials
T1098.005Device Registration
T1098.003Additional Cloud Roles
T1133External Remote Services
T1078.004Cloud Accounts
privilege-escalation4
T1098.001Additional Cloud Credentials
T1098.005Device Registration
T1098.003Additional Cloud Roles
T1078.004Cloud Accounts
reconnaissance3
T1598.001Spearphishing Service
T1598.004Spearphishing Voice
T1589.001Credentials
resource-development1
T1588.002Tool
stealth2
T1684.001Impersonation
T1078.004Cloud Accounts
Indicators of compromise
No IOCs linked to this campaign yet.